2023-04-18 15:10 UTC+0200 ~ Florian Westphal <fw@xxxxxxxxx>
> Dump protocol family, hook and priority value:
> $ bpftool link
> 2: netfilter prog 14
> ip input prio -128
> pids install(3264)
> 5: netfilter prog 14
> ip6 forward prio 21
> pids a.out(3387)
> 9: netfilter prog 14
> ip prerouting prio 123
> pids a.out(5700)
> 10: netfilter prog 14
> ip input prio 21
> pids test2(5701)
>
> v2: Quentin Monnet suggested to also add 'bpftool net' support:
>
> $ bpftool net
> xdp:
>
> tc:
>
> flow_dissector:
>
> netfilter:
>
> ip prerouting prio 21 prog_id 14
> ip input prio -128 prog_id 14
> ip input prio 21 prog_id 14
> ip forward prio 21 prog_id 14
> ip output prio 21 prog_id 14
> ip postrouting prio 21 prog_id 14
>
> 'bpftool net' only dumps netfilter link type. netfilter links are sorted by
> protocol family, hook and priority.
>
> Suggested-by: Quentin Monnet <quentin@xxxxxxxxxxxxx>
> Link: https://lore.kernel.org/bpf/eeeaac99-9053-90c2-aa33-cc1ecb1ae9ca@xxxxxxxxxxxxx/
> Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
> ---
> tools/bpf/bpftool/link.c | 83 ++++++++++++++++++++++++++
> tools/bpf/bpftool/main.h | 3 +
> tools/bpf/bpftool/net.c | 105 +++++++++++++++++++++++++++++++++
> tools/include/uapi/linux/bpf.h | 15 +++++
> tools/lib/bpf/libbpf.c | 2 +
> 5 files changed, 208 insertions(+)
>
> diff --git a/tools/bpf/bpftool/net.c b/tools/bpf/bpftool/net.c > index c40e44c938ae..61710cc63ef7 100644 > --- a/tools/bpf/bpftool/net.c > +++ b/tools/bpf/bpftool/net.c
> @@ -647,6 +647,107 @@ static int do_detach(int argc, char **argv) > +static void show_link_netfilter(void) > +{ > + unsigned int nf_link_len = 0, nf_link_count = 0; > + struct bpf_link_info *nf_link_info = NULL; > + __u32 id = 0; > + > + while (true) { > + struct bpf_link_info info; > + int fd, err; > + __u32 len; > + > + err = bpf_link_get_next_id(id, &id); > + if (err) { > + if (errno == ENOENT) > + break; > + p_err("can't get next link: %s (id %d)", strerror(errno), id); > + break; > + } > + > + fd = bpf_link_get_fd_by_id(id); > + if (fd < 0) { > + p_err("can't get link by id (%u): %s", id, strerror(errno)); > + continue; > + } > + > + memset(&info, 0, sizeof(info)); > + len = sizeof(info); > + > + err = bpf_link_get_info_by_fd(fd, &info, &len); > + > + close(fd); > + > + if (err) { > + p_err("can't get link info for fd %d: %s", fd, strerror(errno)); > + continue; > + } > + > + if (info.type != BPF_LINK_TYPE_NETFILTER) > + continue; > + > + if (nf_link_count >= nf_link_len) { > + struct bpf_link_info *expand; > + > + if (nf_link_count > (INT_MAX / sizeof(info))) { > + fprintf(stderr, "link count %d\n", nf_link_count);

The only nit I have is that we could use p_err() here, and have a more descriptive message (letting user know that we've reached a limit). Looks all good otherwise. Thanks!

Reviewed-by: Quentin Monnet <quentin@xxxxxxxxxxxxx>
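Review bot: in show_link_netfilter(), close(fd) runs between bpf_link_get_info_by_fd() and the `if (err)` branch that prints strerror(errno), so a failing close() can overwrite the errno being reported; test err, or save errno, before closing the descriptor. That same message prints the number of an fd that is already closed, where the link id, as used in the "can't get link by id (%u)" message just above it, would tell the user which link failed. Two format specifiers also do not match their arguments: id is a __u32 but "can't get next link: %s (id %d)" prints it with %d, and nf_link_count is an unsigned int but the "link count %d\n" line prints it with %d; %u fits both.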